1. Field of the Invention
This invention relates to trusted computing, and particularly to systems, methods and computer program products for generating anonymous assertions.
2. Description of Background
Currently, anonymous role authentication can be implemented with an anonymous authentication controller that enables a user to control anonymity of the user's own identity for role based network accesses to resources. A role authentication certificate is received from a role authenticator by a user. In exemplary embodiments, the role authenticator issues the role authentication certificate to certify that the holder of the role authentication certificate is a member of a particular role without having the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for the user to anonymously present the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining anonymity of the user identity for authenticated role-based accesses.
With anonymous role authentication, a user can make an assertion on a computing device, and that assertion can be anonymously linked to a prior authentication. However, unless the computing device on which the assertion is made can be trusted, the entity evaluating the assertion cannot be sure that the cryptographic operations were performed according to the intent of the user. For instance, the problems involving malware (such as spyware and adware) on consumer operating systems are well known. Such malicious software can trivially compromise the integrity of the machine and intercept cryptographic keys or cause software to execute in a way that the user did not intend.